

import org.annoflow.filter.Filter;
import org.annoflow.filter.sqli.SQLBoundFilter;
import org.annoflow.filter.xss.SanitizeHTMLFilter;
import org.annoflow.filter.xss.XSSFilter;

import dummy.lib.UserForm;
import dummy.test.perf.ZHTMLTestClass;
public class UserInputTest implements ZHTMLTestClass {
	public void loadClasses() {

	}

	public void doTest() {

			String name = "John"; /* Simulated user input */
			String greeting = "Hello, World!"; /* Simulated user input */
			int id = 100; /* Simulated system-generated value */

			/* Create a form based on the inputs */
			UserForm form = new UserForm(id, name, greeting);

			// Store to a backend DB
			try {
				commitToDatabase(id, name, greeting);
			} catch (Exception e) {
				System.out.println("Caught SQL injection attempt!");
				return;
			}

			// Now display it back to the user
			try {
				String str = toHTML(form);
				System.out.println(str);
			} catch (Exception e) {
				System.out.println("Caught potentially unsafe printing!");

				// Sanitize the HTML and try again
				String str = toHTML(sanitize(form));
				System.out.println(toHTML(str));
			}


	}

	@Filter(type = SQLBoundFilter.class)
	private static void commitToDatabase(int id, String name, String greeting) {
		/* Simulated write to database */
	}

	@Filter(type = XSSFilter.class)
	private static String toHTML(Object obj) {
		StringBuilder msg = new StringBuilder();
		msg.append("<html>");
		msg.append(obj.toString());
		msg.append("</html>");
		return msg.toString();
	}

	@Filter(type = SanitizeHTMLFilter.class)
	private static String sanitize(Object obj) {
		return obj.toString();
	}

}
